CN106776089A - A kind of spaceborne embedded software code self checking error correction method - Google Patents

A kind of spaceborne embedded software code self checking error correction method Download PDF

Info

Publication number
CN106776089A
CN106776089A CN201611065610.5A CN201611065610A CN106776089A CN 106776089 A CN106776089 A CN 106776089A CN 201611065610 A CN201611065610 A CN 201611065610A CN 106776089 A CN106776089 A CN 106776089A
Authority
CN
China
Prior art keywords
code
byte
fpga
embedded software
check results
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611065610.5A
Other languages
Chinese (zh)
Inventor
王杰
李雅琼
李杨
朱浩然
关贵注
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aerospace Long March Launch Vehicle Technology Co Ltd
Beijing Institute of Telemetry Technology
Original Assignee
Aerospace Long March Launch Vehicle Technology Co Ltd
Beijing Institute of Telemetry Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aerospace Long March Launch Vehicle Technology Co Ltd, Beijing Institute of Telemetry Technology filed Critical Aerospace Long March Launch Vehicle Technology Co Ltd
Priority to CN201611065610.5A priority Critical patent/CN106776089A/en
Publication of CN106776089A publication Critical patent/CN106776089A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0751Error or fault detection not based on redundancy
    • G06F11/0754Error or fault detection not based on redundancy by exceeding limits
    • G06F11/0757Error or fault detection not based on redundancy by exceeding limits by exceeding a time limit, i.e. time-out, e.g. watchdogs

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Detection And Correction Of Errors (AREA)

Abstract

A kind of spaceborne embedded software code self checking error correction method, task functional code is carried out into sector address distribution, after program operation, code in appropriate address is carried out into XOR and calculating by byte accumulation, accumulated in each timing cycle of setting and calculate a byte, the check results triplication redundancy obtained first after whole codes have been calculated;Circulation carries out accumulation exclusive or check, the check results that will be obtained every time and first results contrast, continues if identical, and code exception is judged if continuous three differences;FPGA or upper level control system are reported by abnormality, mark is allowed according to reset, carry out reset operation.The present invention is directed to software task function code, solves the limitation of the Reliability Measures such as triplication redundancy, house dog and power-off restarting operation.The method take resource it is few, using flexible, can carry out being resetted from master reset or by upper level system as needed in the case of product is not powered off, effectively increase software code reliability of operation, security.

Description

A kind of spaceborne embedded software code self checking error correction method
Technical field
It is particularly a kind of to be directed to spaceborne insertion the present invention relates to a kind of spaceborne embedded software code self checking error correction method The self checking error correction method of the important code in part in formula software, belongs to spaceborne Digital Electronic Technique field.
Background technology
Spaceborne embedded software code is vulnerable to single event influence under space environment and Data flipping occurs, so as to lead Cause software work abnormal even product function failure.The measure of conventional raising running software reliability at present has software code three The methods such as mould redundancy, software watchdog.Whole code triplication redundancies are big to memory space requirement, time-consuming for redundant operation, part Code triplication redundancy coverage rate is limited, and software watchdog only plays supervisory function bit to program fleet and hello dog section code error, if Above-mentioned measure is invalid can be resumed operation using power-off restarting, but power operation often because product or system operation on orbit state without Method is carried out in real time.
The content of the invention
Present invention solves the technical problem that:Overcome the deficiencies in the prior art, there is provided a kind of spaceborne embedded software code Self checking error correction method, for software task function (function) code, solves the software reliabilities such as triplication redundancy, house dog and arranges Impose and power-off restarting operation confinement problems.
Technical solution of the invention:
A kind of spaceborne embedded software code self checking error correction method, is realized based on DSP and FPGA, is comprised the following steps:
(1) spaceborne embedded software code is divided into main program code and task functional code, and is separately positioned on DSP In middle different memory space;
(2) the spaceborne embedded software code load operating is made, main program code is timed to task functional code Verification, by the running status for setting watch dog monitoring main program code;
(3) judge whether to reach default checking time, if it has been reached, then main program code is to task functional code Accumulation calculates an XOR for byte and obtains initial check results, afterwards execution step (4);Otherwise return and perform step (2);
(4) initial check results are carried out into triplication redundancy treatment;
(5) start checking procedure next time, i.e., perform step (2)~(4) again, obtain new check results with initial school Result is tested to be compared, it is inconsistent then to perform step (6) if unanimously, repeating step (5);
(6) judge whether that the new check results that continuous three checking procedures have been obtained are different from initial check results, if Continuous three differences, then perform step (7), otherwise returns and performs step (5);
(7) judge task functional code exception, and generate reset application, submit to FPGA or report upper level by FPGA System;
(8) FPGA or upper level system send reset instruction according to authority set in advance to DSP, and program is reloaded, Recover normal operation.
Step (3) main program code task functional code accumulation is calculated XOR for byte and, specially:Appoint The memory space address scope of business function code is i~i+n;I, n are positive integer, and i>0, the i+n memory space less than DSP is big It is small;
Main program code carries out XOR and calculating to the byte at the byte at the i of address and address i+1, obtains result Ri+1, Again by Ri+1XOR and calculating are carried out with the byte at the i+2 of address, result R is obtainedi+2, by that analogy, until by Ri+n-1With address i The byte at+n places carries out XOR and calculating, obtains result Ri+n, i.e., initial check results.
The default checking time is set to 0.1ms~1ms.
Step (8) FPGA or upper level system are referred specifically to according to authority set in advance:The work ginseng noted on ground Number, if allow FPGA or upper level system to send reset instruction or time delay to DSP at once after the application that resets is received Reset instruction is sent to DSP.
Present invention advantage compared with prior art is:
(1) what spaceborne embedded software generally improved running software using measures such as triplication redundancy, software watchdogs can By property, some software faults even need to recover normal by re-powering loading.Whole code triplication redundancies are to storage Space requirement is big, time-consuming for redundant operation, and partial code triplication redundancy coverage rate is limited, software watchdog only to program fleet and Feed dog section code error and play supervisory function bit, if above-mentioned measure is invalid can be resumed operation using power-off restarting, but power operation Often because product or system operation on orbit state cannot be carried out in real time.Above method is had some limitations using upper.
(2) a kind of spaceborne embedded software code self checking error correction method proposed by the present invention, take resource it is few, using spirit It is living, can need to carry out from master reset according to system or reset is carried out by upper level operate in the case where product is not powered off, have Improve software code reliability of operation, security to effect.
Brief description of the drawings
Fig. 1 is operation principle schematic diagram of the invention;
Fig. 2 is the inventive method flow chart.
Specific embodiment
The present invention proposes a kind of spaceborne embedded software code self checking error correction method, to task function (function) code Accumulation verification is circulated, is resetted from master reset or upward level system application according to check results, realized in orbit not Restorability under powering-off state, its principle is as shown in Figure 1.
Hardware circuit is mainly made up of DSP, FPGA, PROM, house dog, the SMJ320C6701 of DSP model TI companies, UT28F256, the house dog model MAXIM of the A3P250 of FPGA model ACTEL companies, PROM model UTMC company are public The MAX706 of department.
After upper electricity, PROM Programs are loaded onto DSP inside 64K program storage areas, and code is divided into main program code and task Function code, is stored by address space set in advance.Main program code is responsible for major cycle and the operation of main body program frame, appoints Business function code is including communication analysis, each function of task function, algorithmic function etc..
After main program operation, house dog is responsible for monitoring the running status of main program;Main program is by task work(in appropriate address Energy code carries out XOR and calculating by byte accumulation, and timing cycle is set as needed, and accumulation calculates one in each timing cycle Individual or multiple bytes, the check results obtained first after whole codes have been calculated carry out triplication redundancy;It is different that circulation carries out accumulation Or verify, the check results for obtaining every time are compared with result first, continue if identical, judge if continuous three differences Code exception;The machine FPGA or upper level control system are reported by abnormality, mark is allowed according to reset, carry out reset behaviour Make.
A kind of spaceborne embedded software code self checking error correction method of the present invention, is realized, its workflow based on DSP and FPGA Journey is as shown in Figure 2.
Comprise the following steps:
(1) spaceborne embedded software code is divided into main program code and task functional code, and is separately positioned on DSP In middle different memory space;
(2) the spaceborne embedded software code load operating is made, main program code is timed to task functional code Verification, by the running status for setting watch dog monitoring main program code;
(3) judge whether to reach default checking time, if it has been reached, then main program code is to task functional code Accumulation calculates an XOR for byte and obtains initial check results, afterwards execution step (4);Otherwise return and perform step (2);Default checking time is set to 0.1ms~1ms.
By the DSP maximum codes capacity for being used is 64K bytes, to reduce the total time that code accumulation verifies one time, Checking time is spaced no more than 1ms.Calculated by task functional code 50K bytes, checking time 0.1ms, complete verification is completed 5s is about taken, i.e., task functional code exception is judged by continuous three checking procedures, and generate the time of the application that resets about 15s。
Step (3) main program code task functional code accumulation is calculated XOR for byte and, specially:Appoint The memory space address scope of business function code is i~i+n;I, n are positive integer, and i>0, the i+n memory space less than DSP is big It is small;
Main program code carries out XOR and calculating to the byte at the byte at the i of address and address i+1, obtains result Ri+1, Again by Ri+1XOR and calculating are carried out with the byte at the i+2 of address, result R is obtainedi+2, by that analogy, until by Ri+n-1With address i The byte at+n places carries out XOR and calculating, obtains result Ri+n, i.e., initial check results.
(4) initial check results are carried out into triplication redundancy treatment;
(5) start checking procedure next time, i.e., perform step (2)~(4) again, obtain new check results with initial school Result is tested to be compared, it is inconsistent then to perform step (6) if unanimously, repeating step (5);
(6) judge whether that the new check results that continuous three checking procedures have been obtained are different from initial check results, if Continuous three differences, then perform step (7), otherwise returns and performs step (5);
(7) judge task functional code exception, and generate reset application, submit to FPGA or report upper level by FPGA System;
(8) FPGA or upper level system send reset instruction according to authority set in advance to DSP, and program is reloaded, Recover normal operation.
Step (8) FPGA or upper level system are referred specifically to according to authority set in advance:The running parameter noted on ground, be No permission FPGA or upper level system send reset instruction or time delay to DSP to DSP at once after the application that resets is received Send reset instruction.
Spaceborne embedded software code self checking error correction method proposed by the present invention, solves triplication redundancy, house dog etc. Reliability Measures and the limitation of power-off restarting operation.The method take resource it is few, using flexible, can not powered off in product In the case of, carry out being resetted from master reset or by upper level system as needed, effectively increase software code operation can By property, security.
Embodiment:
Test case 1:Test environment is built using DSP emulators, is injected by parameter and is forbidden the machine FPGA to be weighed from master reset Limit, understands that check results are 0x2C first after upper electricity operation by telemetry;It is now artificial to inject failure, in simulated environment Breakpoint is set and changes task functional code memory space and specify a data for position at address, after about 15s, remote measurement display verification Result is 0x2D and applies from master reset.
Test case 2:Program offline operation, is injected by parameter and enables the machine FPGA from master reset authority, after upper electricity operation Understand that check results are 0x2C first by telemetry;Now artificial injection failure, task is replaced using parameter injection mode Function code memory space specifies a data for byte at address, and after about 15s, program is from master reset.
The content not being described in detail in description of the invention belongs to the known technology of those skilled in the art.

Claims (4)

1. a kind of spaceborne embedded software code self checking error correction method, is realized based on DSP and FPGA, it is characterised in that including with Lower step:
(1) spaceborne embedded software code is divided into main program code and task functional code, and is not respectively provided with dsp not In same memory space;
(2) the spaceborne embedded software code load operating is made, main program code is timed verification to task functional code, By the running status for setting watch dog monitoring main program code;
(3) judge whether to reach default checking time, if it has been reached, then main program code accumulates task functional code Calculate an XOR for byte and obtain initial check results, afterwards execution step (4);Otherwise return and perform step (2);
(4) initial check results are carried out into triplication redundancy treatment;
(5) start checking procedure next time, i.e., perform step (2)~(4) again, obtain new check results with initial verification knot Fruit is compared, inconsistent then to perform step (6) if unanimously, repeating step (5);
(6) judge whether that the new check results that continuous three checking procedures have been obtained are different from initial check results, if continuously Three differences, then perform step (7), otherwise returns and performs step (5);
(7) judge task functional code exception, and generate reset application, submit to FPGA or report upper level system by FPGA System;
(8) FPGA or upper level system send reset instruction according to authority set in advance to DSP, and program is reloaded, and recover Normal operation.
2. a kind of spaceborne embedded software code self checking error correction method according to claim 1, it is characterised in that:It is described Step (3) main program code task functional code accumulation is calculated XOR for byte and, specially:Task functional code Memory space address scope is i~i+n;I, n are positive integer, and i>0, the i+n storage size less than DSP;
Main program code carries out XOR and calculating to the byte at the byte at the i of address and address i+1, obtains result Ri+1, then will Ri+1XOR and calculating are carried out with the byte at the i+2 of address, result R is obtainedi+2, by that analogy, until by Ri+n-1At the i+n of address Byte carry out XOR and calculating, obtain result Ri+n, i.e., initial check results.
3. a kind of spaceborne embedded software code self checking error correction method according to claim 1, it is characterised in that:It is described Default checking time is set to 0.1ms~1ms.
4. a kind of spaceborne embedded software code self checking error correction method according to claim 1, it is characterised in that:It is described Step (8) FPGA or upper level system are referred specifically to according to authority set in advance:The running parameter noted on ground, if allow FPGA or upper level system send reset instruction or time delay and send multiple to DSP to DSP at once after the application that resets is received Bit instruction.
CN201611065610.5A 2016-11-28 2016-11-28 A kind of spaceborne embedded software code self checking error correction method Pending CN106776089A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611065610.5A CN106776089A (en) 2016-11-28 2016-11-28 A kind of spaceborne embedded software code self checking error correction method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611065610.5A CN106776089A (en) 2016-11-28 2016-11-28 A kind of spaceborne embedded software code self checking error correction method

Publications (1)

Publication Number Publication Date
CN106776089A true CN106776089A (en) 2017-05-31

Family

ID=58904760

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611065610.5A Pending CN106776089A (en) 2016-11-28 2016-11-28 A kind of spaceborne embedded software code self checking error correction method

Country Status (1)

Country Link
CN (1) CN106776089A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113051007A (en) * 2021-04-15 2021-06-29 中国科学院微小卫星创新研究院 Device and method for quickly guiding housekeeping software
CN113485884A (en) * 2021-06-08 2021-10-08 北京控制工程研究所 Processor characteristic-based satellite-borne software abnormal state monitoring method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101551763A (en) * 2009-05-15 2009-10-07 中国人民解放军国防科学技术大学 Method and device for repairing single event upset in field programmable logic gate array
CN101937375A (en) * 2010-08-27 2011-01-05 浙江大学 Code and data real-time error correcting and detecting method and device for pico-satellite central processing unit
CN101976212A (en) * 2010-10-27 2011-02-16 西安空间无线电技术研究所 Small amount code reloading-based DSP anti-single-event error correction method
US20110119399A1 (en) * 2009-11-13 2011-05-19 International Business Machines Corporation Deadlock-free class routes for collective communications embedded in a multi-dimensional torus network
CN103218272A (en) * 2013-04-25 2013-07-24 西安空间无线电技术研究所 Spaceborne digital signal processor turning reinforcing method
CN103869804A (en) * 2014-03-11 2014-06-18 中国汽车工程研究院股份有限公司 Program stream monitoring method

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101551763A (en) * 2009-05-15 2009-10-07 中国人民解放军国防科学技术大学 Method and device for repairing single event upset in field programmable logic gate array
US20110119399A1 (en) * 2009-11-13 2011-05-19 International Business Machines Corporation Deadlock-free class routes for collective communications embedded in a multi-dimensional torus network
CN101937375A (en) * 2010-08-27 2011-01-05 浙江大学 Code and data real-time error correcting and detecting method and device for pico-satellite central processing unit
CN101976212A (en) * 2010-10-27 2011-02-16 西安空间无线电技术研究所 Small amount code reloading-based DSP anti-single-event error correction method
CN103218272A (en) * 2013-04-25 2013-07-24 西安空间无线电技术研究所 Spaceborne digital signal processor turning reinforcing method
CN103869804A (en) * 2014-03-11 2014-06-18 中国汽车工程研究院股份有限公司 Program stream monitoring method

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113051007A (en) * 2021-04-15 2021-06-29 中国科学院微小卫星创新研究院 Device and method for quickly guiding housekeeping software
CN113051007B (en) * 2021-04-15 2024-04-26 中国科学院微小卫星创新研究院 Star software rapid guiding device and method
CN113485884A (en) * 2021-06-08 2021-10-08 北京控制工程研究所 Processor characteristic-based satellite-borne software abnormal state monitoring method
CN113485884B (en) * 2021-06-08 2023-06-06 北京控制工程研究所 Processor characteristic-based satellite-borne software abnormal state monitoring method

Similar Documents

Publication Publication Date Title
CN102356383B (en) Method and system for determining fault tolerance in integrated circuits
CN100568254C (en) A kind of credible platform module and active measure thereof
CA2836333A1 (en) Firmware upgrade error detection and automatic rollback
Overholt et al. Improving reliability through better models: Using synchrophasor data to validate power plant models
CN104579313B (en) A kind of in-orbit SRAM type FPGA fault detects and restorative procedure based on configuration frame
CN104793075B (en) A kind of routine test system of PWR nuclear power plant protection system
CN111274077A (en) Disk array reliability testing method, system, terminal and storage medium
CN105425201A (en) Metering chip simulation test method used for intelligent electric energy meter software reliability detection
CN104536303A (en) Fault injection method
CN103235591B (en) A kind of online fault filling method combined based on hardware and software direct fault location
CN105045146B (en) A kind of system with reset function and its restart control method
CN109656870A (en) A kind of in-orbit dynamic restructuring management system of SRAM type FPGA and method
CN106776089A (en) A kind of spaceborne embedded software code self checking error correction method
CN109766230A (en) Single-deck SSD powered-off fault test method, device and computer equipment
CN108009050A (en) A kind of memory node failure restart after service reliability test method and device
CN109813999A (en) A kind of Fault Diagnosis of Distribution Network algorithm automatically testing platform, method and application
Bernardi et al. Adding dependability analysis capabilities to the MARTE profile
US20150154091A1 (en) Bios maintenance method
CN109783390A (en) PSU firmware promotion and demotion stability test method, apparatus, terminal and storage medium
CN104125504A (en) Deployment method, device and system based on continuous integration
US8661305B2 (en) Method and system for test vector generation
CN103150223A (en) Method for preventing epon terminal equipment from being damaged and epon terminal equipment
CN114138587A (en) Reliability verification method, device and equipment for upgrading server power firmware
CN108874425A (en) Configuration file update method, device, baseboard management controller and storage medium
CN107515737A (en) A kind of method for the configuration information word for loading MCU chip

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170531

RJ01 Rejection of invention patent application after publication